Re: [feature suggestion] sshd should log the listening port number while logging errors/warnings


On 05.06.23 08:59, Darren Tucker wrote:
> On Mon, 5 Jun 2023 at 16:29, Yuri <yuri@xxxxxxxxx> wrote:
>> ssh_kex_exchange_identification: banner line contains invalid characters
>> It would be easier to figure out where offending connections come from.
>
> The subsequent log line from sshpkt_fatal contains the source address
> and port of that connection:

I think that Yuri meant (one of his several) ssh*d*-side port(s).

There is SyslogFacility (plus the filtering capabilities of modern syslogd's), but since that would quite likely leak sensitive information out of the (better-protected) /var/log/secure on RHEL-like systems, I can't really recommend (ab)using it.

However, I guess that allowing the sysadmin to change the progname/ident parameter of the syslogging (like you can with the "daemon XYZ" setting for multi-instance OpenVPN servers), rather than having it fixed to "sshd", would prove more versatile than specifically adding the Port to selected message( string)s ...

Kind regards,
Jochen Bern

Binect GmbH


openssh-unix-dev mailing list
